In addition to a user password, two-factor authentication allows
the administrator to require traders to provide an authentication
code in order to login to X_TRADER, X_RISK, and TT User Setup. For
SMS, the authentication code is sent to the trader via the SMS number
configured in User Settings in TT User Setup.

Notes:

In X_TRADER ASP, two-factor authentication is required for
a buy-side user when any one of the brokers to which the trader
is connected configures the user for two-factor authentication.

For X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET, two-factor
authentication via SMS and/or email is supported. Both authentication
methods can be enabled in the same user environment via a system-level
setting, but each user can only have one method enabled at a time
(either SMS or email) via a user-level setting.

X_TRADER ASP and non-X_TRADER ASP users hosted in TTNET can request a more or less restrictive Days an application can be trusted setting. By default, passwords expire every 90 days and after 5 days users that are required to use two-factor authentication must re-authenticate.To request a different default for your firm, please contact TT Support.

For two-factor authentication to work correctly:

The system must be enabled for two-factor authentication
by selecting one of the following system settings:

SMS

Email

Both SMS and Email

All TT User Setup Servers must be able to connect to api.twilio.com
over port 443 (SMS option).

All TT User Setup servers must have network access to an SMTP
server that has access to either the public internet of the domain
relevant to any possible email recipients (email option).

Individual users must be enabled for two-factor authentication.
If the user is set to Email two-factor authentication, an email
address must be configured. If the user is set to SMS two-factor
authentication, an SMS number must be configured. In X_TRADER ASP
the user's email address and SMS number are entered by the Buy-side
company admin.

Enabling Two-Factor Authentication via
SMS

Notes:

TT enables two-factor authentication
at the system-level using Server Admin | System Settings for X_TRADER ASP
and non-X_TRADER ASP users hosted in TTNET. For those users, you
do not need to enable two-factor authentication at the system-level
-- only the user-level settings are needed.

When enabling via SMS, all TT User Setup Servers must be able
to connect to api.twilio.com over port 443.

To
enable two-factor authentication via SMS:

On the Server
Admin menu, select System Settings. Select the Password
Rules tab.

Note: When upgrading to 7.17.40 or higher
from 7.17.30 or 7.17.31, if the “Enable two-factor authentication”
checkbox was checked, then the drop-down is set to Email after
the upgrade. Otherwise, the default setting is None.

You may optionally set the following parameters:

Days
an application can be trusted: Sets the number of days before X_TRADER,
X_RISK, and TT User Setup requests a new authentication code. A value
of “0” means the user has to use two-factor for every login (no
cookie is stored).

Minutes until two-factor authentication code expires:
Sets the amount of time a user has to enter a requested authentication
code. If this time expires, the user may request a new authentication
code from the login dialog

If the user cannot access...phone number or email address:
Enter an admin’s contact number or email address.

Select the User Settings tab and click the Two-factor
authentication checkbox to enable two-factor authentication
for that user.

Ensure that two-factor authentication via SMS is
also enabled for the system.

Enter an SMS Number and click Save.

In the TT
User Setup message that appears, verify that the SMS number is correct.
An SMS number is required when two-factor authentication is enabled
for the user and the SMS option is enabled for the system.

Enabling Two-Factor Authentication via
Email

All TT User Setup servers must have network
access to an SMTP server that has access to either the public internet
or the domain relevant to any possible email recipients.

Note: TT
enables two-factor authentication at the system-level using Server
Admin | System Settings for X_TRADER ASP and non-X_TRADER ASP users
hosted in TTNET. For those users, you do not need to enable two-factor
authentication at the system-level -- only the user-level settings
are needed.

To enable two-factor authentication via
email:

On the Server Admin menu, select System
Settings. Select the Password Rules tab.

Note: When upgrading to 7.17.40 or higher
from 7.17.30 or 7.17.31, if the “Enable two-factor authentication”
checkbox was checked, then the drop-down is set to Email after
the upgrade. Otherwise, the default setting is None.

You may optionally set the following parameters:

Days
an application can be trusted: Sets the number of days before X_TRADER,
X_RISK, and TT User Setup requests a new authentication code. A value
of “0” means the user has to use two-factor for every login (no
cookie is stored).

Minutes until two-factor authentication code expires:
Sets the amount of time a user has to enter a requested authentication
code. If this time expires, the user may request a new authentication
code from the login dialog

If the user cannot access...phone number or email address:
Enter an admin’s contact number or email address.

Note: If the SMTP server relies on a username/password
to login, you must check the SMTP server requires authentication
checkbox and populate the Account name and Password.

Select Send Test Email to verify the email settings.

Note:
You must have an email address configured for this user in order
to send the test email.

You must also add a contact email address or
phone number that users may use if they have issues receiving an
authentication code. This contact information appears on the login
dialog.

Click Save and close the System Settings dialog.

In the User Admin menu, select Users and double-click
a user row to access the User Settings.

On the User Settings tab, select Contact Information and
populate the Email field with the user’s contact email information.
Click Save.

Warning: Entering the incorrect email address
in this field prevents the trader from being able to login.

Enabling Two-Factor Authentication via
Both SMS and Email

Notes:

TT enables
two-factor authentication at the system-level using Server Admin
| System Settings for X_TRADER ASP and non-X_TRADER ASP users hosted
in TTNET. For those users, you do not need to enable two-factor
authentication at the system-level -- only the user-level settings
are needed.

When enabling via SMS, all TT User Setup Servers must be able
to connect to api.twilio.com over port 443.

To
enable two-factor authentication via Both SMS and Email:

On
the Server Admin menu, select System Settings. Select
the Password Rules tab.

Select Both SMS and Email from the Enabled two-factor
authentication settings drop-down menu.

Note: When
upgrading to 7.17.60 or higher from 7.17.30 or 7.17.31, if the “Enable
two-factor authentication” checkbox was checked, then the drop-down
is set to Email after the upgrade. Otherwise, the default
setting is None.

You may optionally set the following parameters:

Days
an application can be trusted: Sets the number of days before X_TRADER,
X_RISK, and TT User Setup requests a new authentication code. A value
of “0” means the user has to use two-factor for every login (no
cookie is stored).

Minutes until two-factor authentication code expires:
Sets the amount of time a user has to enter a requested authentication
code. If this time expires, the user may request a new authentication
code from the login dialog

If the user cannot access...phone number or email address:
Enter an admin’s contact number or email address.

Note: If the SMTP server relies on a username/password
to login, you must check the SMTP server requires authentication
checkbox and populate the Account name and Password.

Select Send Test Email to verify the email settings.

Note:
You must have an email address configured for this user in order
to send the test email.

You must also add a contact email address or phone number that
users may use if they have issues receiving an authentication code.
This contact information appears on the login dialog.

Click Save and close the System Settings dialog.

In the User Admin menu, select Users and double-click
a user row to access the User Settings.

Click the User Settings tab and click the Two-factor
authentication dropdown menu to select either SMS or Email.

If you selected Email, click Contact Information and
populate the Email field with the user’s contact email information.
Click Save.

Warning: Entering the incorrect email address
in this field prevents the user from being able to login.

If you selected SMS, enter an SMS Number and click Save.

In
the TT User Setup message that appears, verify that the SMS number
is correct.

Warning: Entering the incorrect SMS number in
this field prevents the user from being able to login.

Sending a Test SMS

After adding a text message (SMS)
number to the user settings, you can send a test message via System
Settings.

To send a test SMS:

On the Server
Admin menu, select System Settings. Select the Password
Rules tab.

In the Two-factor Authentication section, click Send Test
SMS.

A message indicating that the message has been sent appears.
You will receive a test message from Trading Technologies at the
SMS number provided in the user settings.

Switching Authentication Modes

After enabling two-factor
authentication in your environment or having it enabled prior to
a TT User Setup upgrade (e.g., from 7.17.30 to 7.17.60), the system
allows you to switch between the different authentication modes.
When switching to SMS or Email mode, the system checks for user-level
authentication settings that may conflict with the modified system
setting.

Note: If you receive a warning message about
a user authentication mode conflict (e.g., a user is set for SMS
and you are switching the system to Email), you will have to correct
the user setting before switching the mode at the system level.

Because
users with two-factor authentication set to Email have an email
address and users set to SMS have an SMS number, the system does
not need to verify the user’s email address or SMS number before
switching authentication modes.